HIPAA Guide
Text Blaze is a secure web application utilized for productivity and automation. While we follow security best practices such as encryption of data at rest and in transit, Text Blaze is not considered a Business Associate. Text Blaze falls under the Conduit Exception Rule as addressed in the HIPAA Omnibus Rule.
Per Health and Human Services: “The conduit exception applies where the only services provided to a covered entity or Business Associate customer are for transmission of ePHI that do not involve any storage of the information other than on a temporary basis incident to the transmission service.”
Please visit the article Guidance on HIPAA & Cloud Computing written by HHS for further information on Cloud Computing and the Conduit Exception Rule.
As with any new application, we always advise organizations to consult with their legal team, risk management team, or other applicable departments before using a new application.
If you have further questions regarding our security stance or any compliance concerns, please reach out to compliance@blaze.today.
Data Storage
Text Blaze protects user data from account creation using Google’s authentication services, to encryption of data in transit to and from Text Blaze servers using browser based Transport Layer Security (our application dashboard has an A+ rating from Qualys SSL Labs), and finally encryption of that data at rest on our servers using the 256-bit Advanced Encryption Standard (AES).
We work with industry leading Cloud service providers. Our core systems are built on the Google Cloud Platform located in the United States and our community forums run on Digital Ocean. These service providers maintain industry-standard security certifications such as SOC 1, SOC 2, and ISO 27001.
Snippets and PHI
Text Blaze stores the snippets you create at dashboard.blaze.today in our Google Cloud Platform located in the United States. Snippets are created for the purpose of automation and increased productivity.
Please use caution and do not save Personal Health Information (PHI) directly in the snippets themselves on the dashboard, as this will store the sensitive data on Text Blaze’s servers. We do not classify as a Business Associate, nor do we recommend storing PHI directly in the snippets. At this time, Text Blaze does not sign Business Associate Agreements.
Text Blaze Forms and PHI
Instead of saving PHI directly in snippets, we recommend your organization utilize the Text Blaze Forms functionality within the Text Blaze Chrome Extension.
Forms will allow you to add in specific details such as the addressee or patient’s name to a snippet. The forms functionality utilizes the Chrome Extension on your browser to allow you to type data into the yellow field for a one-time automation purpose, such as filling in a patient name. Please visit Working with Forms Guide for further details regarding forms.
The forms functionality of the extension is completed locally, can run offline, and we do not store the data entered after the window is closed, nor does the data cross the internet to our servers. For details on installing extensions and the management of them, please visit the Google Support Article - Install and manage extensions - Chrome Web Store Help.
Compliance
Please review our Terms of Service and Privacy Policy.
If you have further questions regarding our security stance or any other concerns, please reach out to compliance@blaze.today. We will gladly work with you and your organization to answer any questions you may have.